Note: The document version used for the quote below is 20211203 dated October 2, 2023.
In section 9.5 of the RISCV privileged spec there is the following statement:
The vsstatus field MXR, which makes execute-only pages readable, only overrides VS-stage page protection. Setting MXR at VS-level does not override guest-physical page protections. Setting MXR at HS-level, however, overrides both VS-stage and G-stage execute-only permissions.
If the following are true:
- Machine is operating in VS mode
- HS level MXR = 1
- VS level MXR = 0
- VSATP.MODE != BARE
- HGATP.MODE = BARE
Does the HS level MXR still override the VS level execute pages as readable when the HGATP mode is bare?
Thank you.
If the spec is followed to the letter, it appears that HS level MXR would indeed make the Execute only pages readable independent of hgatp.mode. It seems odd that hgatp.MODE=BARE(which seems to be the only way to disable two stage paging when V=1) would allow the VS stage execute permissions to be overidden.
Yes it would AFAIU. The
sstatus.MXRwill be ignored for G-stage translations as the translation stage is disabled, but for VS-stage translation it would make executable readable.sstatus.MXRis supposed to be used in hypervisor handlers when reading guest instructions as part of a trap and it is supposed to be 0 otherwise.If let's say
sstatus.MXRdoesn't effect the VS-mapping whenhgatp=BARE, then to read the guest instruction, hypervisor will need to rely on updatingvsstatus.MXRand it will create multiple paths of trap handling depending whenhgatpis BARE or not.What I mean is, in trap handler, hypervisor will have to set
sstatus.MXR=1 whenhgatp!= BARE to read guest instructions and whenhgatp== BARE, it will have to setvsstatus.MXR=1 to access guest instruction.